Re: [Cfrg] review of draft-irtf-cfrg-hpke-05

"Manger, James" <James.H.Manger@team.telstra.com> Mon, 17 August 2020 01:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/D6W9LMF1O78OOssRLRFPZjvmZLo>

HTTP/2 Version Identification https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-3.1 took a different approach to this issue.
It defined the final string "h2"; said only implementations of the final, published RFC can use that; earlier implementations MUST NOT use that; they can use "h2-<draft-number>", e.g. "h2-17"; a note to the rfc-editor asked for this text to be removed in the final RFC.

That avoids the risk of delays in the publication pipeline; but increases the risk that an implementation of an incompatible early draft ignores the text and uses the final id. It is probably a better compromise.

--
James Manger

-----Original Message-----
From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Stephen Farrell
Sent: Sunday, 16 August 2020 12:23 AM
To: Christopher Wood <caw@heapingbits.net>; cfrg@irtf.org
Subject: Re: [Cfrg] review of draft-irtf-cfrg-hpke-05


Hiya,

Just a bit more on one thing below...

On 15/08/2020 15:00, Christopher Wood wrote:
>> - Do we really need to s/HPKE-05/RFCXXXX/ later? Why not just change 
>> to "HPKE-first-rfc" once the RG are done with the document?
>> (There can be delays @ IRSG and subsequently that I'd prefer not have 
>> to affect interop.)
>
> This was done to ensure each draft version (going forward) is 
> incompatible. We probably should have done this from the start.

Sure, I get the "why" and am fine with that. The only concern is that when the RG are finished and then hit "publication requested" it might take a while for the RFC number to be known (e.g. a few months). This draft, plus the esni and svcb drafts are likely to form a small cluster so that might well extend the delays some. If MLS were added to that cluster that might add more too.

If OTOH, we ask the RFC editor to replace with a string we already know then I think that should reduce the need for breaking interop after the cluster-induced delay.
(It's true that for this to be useful, the same trick might need to be more widely adopted, but starting with hpke seems fine as others in the putative cluster would depend on this and not the other way about.)

Cheers,
S.
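
The following is an added example, not part of the original messages and not code from the HPKE draft: it shows why a version string mixed into key derivation makes two versions incompatible, so that changing the string late breaks interop. The label layout, the `derive_key` and `interoperates` helpers and the sample secret are assumptions made for illustration; only the strings "HPKE-05" and "HPKE-first-rfc" come from the thread.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869); an empty salt means a block of zero bytes."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(version_label: bytes, shared_secret: bytes, info: bytes) -> bytes:
    """Derive a 32-byte key with the version label bound into the KDF input.

    Illustrative layout (an assumption, not the draft's exact encoding):
    the label is length-prefixed so it cannot run into the secret.
    """
    labeled_ikm = len(version_label).to_bytes(2, "big") + version_label + shared_secret
    prk = hkdf_extract(b"", labeled_ikm)
    return hkdf_expand(prk, version_label + b" key " + info, 32)


def interoperates(sender_label: bytes, receiver_label: bytes) -> bool:
    """True if both sides derive the same key and a key-confirmation tag verifies."""
    shared_secret = bytes(range(32))      # constructed sample, same on both sides
    info = b"example application info"    # constructed sample
    message = b"key confirmation"
    sent_tag = hmac.new(derive_key(sender_label, shared_secret, info), message, HASH).digest()
    expected = hmac.new(derive_key(receiver_label, shared_secret, info), message, HASH).digest()
    return hmac.compare_digest(sent_tag, expected)


if __name__ == "__main__":
    # Same label on both sides: keys match.
    print("HPKE-05 <-> HPKE-05:", interoperates(b"HPKE-05", b"HPKE-05"))
    # One side moved to the string fixed ahead of publication: keys differ.
    print("HPKE-05 <-> HPKE-first-rfc:", interoperates(b"HPKE-05", b"HPKE-first-rfc"))
```

A peer that keeps the draft label after the other side has switched fails at key confirmation rather than silently deriving the same key, which is the incompatibility the per-draft label is meant to enforce.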